Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

postgresql: Initial parser implementation

Browse source 
This adds a protocol parser for the PostgreSQL protocol and a new
postgresql.log similar to the existing mysql.log.

This should be considered preliminary and hopefully during 7.1 and 7.2
with feedback from the community, we can improve on the events and logs.
Even if most PostgreSQL communication is encrypted in the real-world, this
will minimally allow monitoring of the SSLRequest and hand off further
analysis to the SSL analyzer.

This originates from github.com/awelzel/spicy-postgresql, with lots of
polishing happening in the past two days.
This commit is contained in:
Arne Welzel 2024-09-04 16:59:30 +02:00
parent 2907d9feee
commit 85ca59484b
82 changed files with 1803 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/postgresql.cut Normal file
View file

@ -0,0 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 - - - ssl_request - ssl_reply N F -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 zeek zeek psql startup - auth_ok SASL,SASLContinue,SASLFinal T -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 zeek zeek psql simple_query select now() - - T 1
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 zeek zeek psql terminate - - - - -